Gentoo Forums
Qemu Guest (Win10 and Gentoo) networking not working

lyallp
Veteran
Joined: 15 Jul 2004
Posts: 1619
Location: Adelaide/Australia

Posted: Sat Mar 01, 2025 12:41 pm    Post subject: Qemu Guest (Win10 and Gentoo) networking not working

Windows 10 Guest cannot see LAN nor internet.
It used to work, not long ago, not sure where things went wrong.
Any assistance would be appreciated.

My home LAN is quite simple, no vlans, subnets, etc.

Host is Gentoo
Code:
# uname -a
Linux Lyalls-PC 6.12.16-gentoo #1 SMP PREEMPT_DYNAMIC Sat Mar  1 21:36:02 ACDT 2025 x86_64 Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz GenuineIntel GNU/Linux


Code:
app-emulation/qemu
     Installed versions:  9.1.2^t(04:17:01 21/02/25)(aio alsa bzip2 curl fdt filecaps fuse gnutls gtk io-uring jemalloc jpeg keyutils multipath ncurses nls opengl oss pam pin-upstream-blobs pipewire plugins png pulseaudio python sasl sdl sdl-image seccomp slirp spice ssh udev usb usbredir vde vhost-net virgl virtfs vnc vte xattr zstd -accessibility -bpf -capstone -debug -doc -glusterfs -infiniband -iscsi -jack -lzo -nfs -numa -rbd -selinux -smartcard -snappy -static-user -systemtap -test -xdp -xen PYTHON_TARGETS="python3_12 -python3_11 -python3_13" QEMU_SOFTMMU_TARGETS="x86_64 -aarch64 -alpha -arm -avr -cris -hppa -i386 -loongarch64 -m68k -microblaze -microblazeel -mips -mips64 -mips64el -mipsel -or1k -ppc -ppc64 -riscv32 -riscv64 -rx -s390x -sh4 -sh4eb -sparc -sparc64 -tricore -xtensa -xtensaeb" QEMU_USER_TARGETS="x86_64 -aarch64 -aarch64_be -alpha -arm -armeb -cris -hexagon -hppa -i386 -loongarch64 -m68k -microblaze -microblazeel -mips -mips64 -mips64el -mipsel -mipsn32 -mipsn32el -or1k -ppc -ppc64 -ppc64le -riscv32 -riscv64 -s390x -sh4 -sh4eb -sparc -sparc64 -sparc32plus -xtensa -xtensaeb")

Using
Code:
app-emulation/virt-manager
Installed versions:  4.1.0-r1^t(04:29:43 02/12/24)(gui policykit -sasl -test PYTHON_SINGLE_TARGET="python3_12 -python3_10 -python3_11")

Windows 10 guest has SPICE Guest Tools 0.141 installed as well as virtio-win-guest-tools 0.1.240
Host
Code:
# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host proto kernel_lo
       valid_lft forever preferred_lft forever
2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 1a:3c:7b:8d:77:da brd ff:ff:ff:ff:ff:ff
3: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 70:4d:7b:67:83:60 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.158/24 brd 192.168.0.255 scope global noprefixroute enp0s31f6
       valid_lft forever preferred_lft forever
    inet6 2403:580d:c215:0:3c5c:cd88:bfa:17a7/64 scope global dynamic mngtmpaddr noprefixroute
       valid_lft 300sec preferred_lft 300sec
    inet6 fe80::16:cb73:9a0b:20c8/64 scope link
       valid_lft forever preferred_lft forever
4: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
    link/ipip 0.0.0.0 brd 0.0.0.0
5: ip_vti0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
    link/ipip 0.0.0.0 brd 0.0.0.0
6: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
    link/sit 0.0.0.0 brd 0.0.0.0
7: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc htb state UP group default qlen 1000
    link/ether 52:54:00:a8:44:e7 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
18: vnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master virbr0 state UNKNOWN group default qlen 1000
    link/ether fe:54:00:dc:28:51 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fc54:ff:fedc:2851/64 scope link proto kernel_ll
       valid_lft forever preferred_lft forever

Guest NIC setup
Code:
<interface type="network">
  <mac address="52:54:00:dc:28:51"/>
  <source network="default" portid="b3663b2f-c3aa-4c1a-9d53-218b97a0c3a8" bridge="virbr0"/>
  <target dev="vnet1"/>
  <model type="e1000e"/>
  <alias name="net0"/>
  <address type="pci" domain="0x0000" bus="0x01" slot="0x00" function="0x0"/>
</interface>

Guest
Code:
C:\Users\Support>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Lyalls-Win10-VM
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Ethernet 3:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connection
   Physical Address. . . . . . . . . : 52-54-00-DC-28-51
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::a893:c121:8d87:d976%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.122.51(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, 1 March 2025 10:58:06 PM
   Lease Expires . . . . . . . . . . : Sunday, 2 March 2025 12:03:05 AM
   Default Gateway . . . . . . . . . : 192.168.122.1
   DHCP Server . . . . . . . . . . . : 192.168.122.1
   DHCPv6 IAID . . . . . . . . . . . : 374494208
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2C-ED-FB-4A-08-00-27-1F-C4-AA
   DNS Servers . . . . . . . . . . . : 192.168.122.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

_________________
...Lyall

mrbassie
l33t
Joined: 31 May 2013
Posts: 842
Location: Go past the sign for cope, right at the sign for seethe. If you see the target you've missed it.

Posted: Fri Mar 07, 2025 10:37 am

Do Linux guests work?
_________________
I spent a christmas in Vienna twenty something years ago. It was a beautiful city. Everyone was so friendly.

lyallp
Veteran
Joined: 15 Jul 2004
Posts: 1619
Location: Adelaide/Australia

Posted: Fri Mar 07, 2025 11:31 am

No
No guests, Windows 10 nor Gentoo Linux appear to have network connectivity with my Gentoo Host nor with the internet.
_________________
...Lyall

mrbassie
l33t
Joined: 31 May 2013
Posts: 842
Location: Go past the sign for cope, right at the sign for seethe. If you see the target you've missed it.

Posted: Fri Mar 07, 2025 3:43 pm

I recently fixed the same thing you describe, hadn't fired up a VM in a while. I presume you've googled this and seen on the Arch forum and elsewhere a fix being to change
Code:
firewall_backend = "nftables"


to:

Code:
firewall_backend = "iptables"


in /etc/libvirt/network.conf.

If not, try it. Didn't work for me.

I see you have an Intel CPU. In my case (probably a result of my own tinkering) it turned out CONFIG_I2C_I801 was not enabled in my last but one kernel build.
_________________
I spent a christmas in Vienna twenty something years ago. It was a beautiful city. Everyone was so friendly.

Hu
Administrator
Joined: 06 Mar 2007
Posts: 23356

Posted: Fri Mar 07, 2025 4:12 pm

I understand from the opening post that guests cannot reach systems on the LAN. Can guests reach the host? What firewall is the host using, and what rules are loaded? Is IP forwarding enabled on the host?

lyallp
Veteran
Joined: 15 Jul 2004
Posts: 1619
Location: Adelaide/Australia

Posted: Sat Mar 08, 2025 2:29 am

I stand corrected, I booted up my Gentoo VM hosted on Gentoo.

The Gentoo VM is able to ping the Gentoo Host

My Gentoo host runs fail2ban and has the following iptables ruleset.

I can access my host PC web page elsewhere, all is fine, it's the Qemu Guests that can't get out.

They used to but something happened and all my Qemu guests lost internet connectivity.

I have looked at the Qemu wiki page and made every kernel parameter 'Y' not 'M', and can post the .config here, if needed.

Code:
Lyalls-PC ~
# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
LIBVIRT_INP  all  --  anywhere             anywhere           
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:sunproxyadmin
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:49152
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ftp
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:netbios-ssn
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:microsoft-ds
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:24800

Chain FORWARD (policy DROP)
target     prot opt source               destination         
LIBVIRT_FWX  all  --  anywhere             anywhere           
LIBVIRT_FWI  all  --  anywhere             anywhere           
LIBVIRT_FWO  all  --  anywhere             anywhere           
DOCKER-USER  all  --  anywhere             anywhere           
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere           
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere           
ACCEPT     all  --  anywhere             anywhere           
ACCEPT     all  --  anywhere             anywhere           
ACCEPT     all  --  anywhere             anywhere           
ACCEPT     all  --  anywhere             anywhere           
ACCEPT     all  --  anywhere             anywhere           

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
LIBVIRT_OUT  all  --  anywhere             anywhere           

Chain DOCKER (1 references)
target     prot opt source               destination         

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination         
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere           
RETURN     all  --  anywhere             anywhere           

Chain DOCKER-ISOLATION-STAGE-2 (1 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere           
RETURN     all  --  anywhere             anywhere           

Chain DOCKER-USER (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere           

Chain LIBVIRT_FWI (1 references)
target     prot opt source               destination         

Chain LIBVIRT_FWO (1 references)
target     prot opt source               destination         

Chain LIBVIRT_FWX (1 references)
target     prot opt source               destination         

Chain LIBVIRT_INP (1 references)
target     prot opt source               destination         

Chain LIBVIRT_OUT (1 references)
target     prot opt source               destination

_________________
...Lyall

lyallp
Veteran
Joined: 15 Jul 2004
Posts: 1619
Location: Adelaide/Australia

Posted: Wed Apr 02, 2025 11:16 am

I updated my kernel today.

FYI: current kernel is
Code:
Linux Lyalls-PC 6.12.21-gentoo #1 SMP PREEMPT_DYNAMIC Wed Apr  2 20:07:27 ACDT 2025 x86_64 Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz GenuineIntel GNU/Linux


I have tried creating a brand new VM, in particular, Windows 10, using ISO images downloaded from Microsoft today.

Even this guest does not have network connectivity.

Otherwise, the Guests seem to work fine.

I should mention my sole VirtualBox Guest works just fine, internet connectivity and all.

Any suggestions where to look?

I have been struggling with this for a while now, and all my VMs *used* to work and at some point stopped having internet connectivity.
_________________
...Lyall

Hu
Administrator
Joined: 06 Mar 2007
Posts: 23356

Posted: Wed Apr 02, 2025 1:56 pm

You did not show the nat table, which is likely relevant here. I also do not see an answer with regard to IP forwarding. On the hypervisor, what is the output of cat /proc/sys/net/ipv4/ip_forward; iptables-save -c?

I see you use Docker, and that it added iptables rules. As a blind guess, I will then speculate that Docker added some rule(s) that are interfering. Once I see the full machine-readable iptables state requested above, I should be better positioned to confirm or reject that speculation.

lyallp
Veteran
Joined: 15 Jul 2004
Posts: 1619
Location: Adelaide/Australia

Posted: Wed Apr 02, 2025 11:20 pm

Thank you for your assistance, I really appreciate it.
I installed docker as an experiment, and things worked.
I am happy to uninstall docker if you think it will help.

The requested output
Code:
# cat /proc/sys/net/ipv4/ip_forward; echo "----------IPTABLES---------------"; iptables-save -c
1
----------IPTABLES---------------
# Generated by iptables-save v1.8.11 on Thu Apr  3 09:48:40 2025
*nat
:PREROUTING ACCEPT [14662219:1760486404]
:INPUT ACCEPT [13383235:1540006085]
:OUTPUT ACCEPT [47680892:5475633668]
:POSTROUTING ACCEPT [47688168:5476299757]
:DOCKER - [0:0]
:LIBVIRT_PRT - [0:0]
[40620713:2652241290] -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
[136111:7385382] -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
[74077880:12945062368] -A POSTROUTING -j LIBVIRT_PRT
[1:90] -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
[0:0] -A POSTROUTING -s 10.55.174.0/24 -j MASQUERADE
[0:0] -A DOCKER -i docker0 -j RETURN
COMMIT
# Completed on Thu Apr  3 09:48:40 2025
# Generated by iptables-save v1.8.11 on Thu Apr  3 09:48:40 2025
*mangle
:PREROUTING ACCEPT [2876300979:14720949134955]
:INPUT ACCEPT [2843796285:14601781687184]
:FORWARD ACCEPT [32067590:118989352917]
:OUTPUT ACCEPT [1735809927:11533294525069]
:POSTROUTING ACCEPT [1771701533:11654243122778]
:LIBVIRT_PRT - [0:0]
[1771701533:11654243122778] -A POSTROUTING -j LIBVIRT_PRT
COMMIT
# Completed on Thu Apr  3 09:48:40 2025
# Generated by iptables-save v1.8.11 on Thu Apr  3 09:48:40 2025
*filter
:INPUT ACCEPT [1622566357:7800565812419]
:FORWARD DROP [110434:16571633]
:OUTPUT ACCEPT [1027343078:6524148646679]
:DOCKER - [0:0]
:DOCKER-ISOLATION-STAGE-1 - [0:0]
:DOCKER-ISOLATION-STAGE-2 - [0:0]
:DOCKER-USER - [0:0]
:LIBVIRT_FWI - [0:0]
:LIBVIRT_FWO - [0:0]
:LIBVIRT_FWX - [0:0]
:LIBVIRT_INP - [0:0]
:LIBVIRT_OUT - [0:0]
[2840031710:14601552502920] -A INPUT -j LIBVIRT_INP
[7967055:1077980448] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
[42370:3146797] -A INPUT -p tcp -m tcp --dport 631 -j ACCEPT
[71406:5721888] -A INPUT -p tcp -m tcp --dport 8081 -j ACCEPT
[116299951:16674597627] -A INPUT -p tcp -m tcp --dport 49152 -j ACCEPT
[19046459:1660599216] -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
[231417849:17380228356] -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
[19079:913675] -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
[88518:6076535] -A INPUT -p udp -m udp --dport 53 -j ACCEPT
[6243:1217514] -A INPUT -p tcp -m tcp --sport 53 -j ACCEPT
[1117458:79170346] -A INPUT -p tcp -m tcp --dport 139 -j ACCEPT
[6566040:1911446830] -A INPUT -p tcp -m tcp --dport 445 -j ACCEPT
[58330737:3354674077] -A INPUT -p tcp -m tcp --dport 24800 -j ACCEPT
[32067590:118989352917] -A FORWARD -j LIBVIRT_FWX
[30692928:111474922402] -A FORWARD -j LIBVIRT_FWI
[8933260:2137490888] -A FORWARD -j LIBVIRT_FWO
[110442:16572170] -A FORWARD -j DOCKER-USER
[110442:16572170] -A FORWARD -j DOCKER-ISOLATION-STAGE-1
[0:0] -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[0:0] -A FORWARD -o docker0 -j DOCKER
[0:0] -A FORWARD -i docker0 ! -o docker0 -j ACCEPT
[0:0] -A FORWARD -i docker0 -o docker0 -j ACCEPT
[0:0] -A FORWARD -i pan1 -j ACCEPT
[0:0] -A FORWARD -o pan1 -j ACCEPT
[0:0] -A FORWARD -i pan1 -j ACCEPT
[1735809918:11533294522857] -A OUTPUT -j LIBVIRT_OUT
[0:0] -A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
[110442:16572170] -A DOCKER-ISOLATION-STAGE-1 -j RETURN
[0:0] -A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
[0:0] -A DOCKER-ISOLATION-STAGE-2 -j RETURN
[110656:16615282] -A DOCKER-USER -j RETURN
COMMIT
# Completed on Thu Apr  3 09:48:40 2025
Lyalls-PC ~

_________________
...Lyall

Hu
Administrator
Joined: 06 Mar 2007
Posts: 23356

Posted: Thu Apr 03, 2025 12:22 am

For now, hold off on removing docker.

Your FORWARD chain has a default policy of DROP. You have some rules in FORWARD that could accept the traffic, but none of them are obviously expected to match. How do packets from your guest appear on the hypervisor? Through a virtual ethernet card? What is the output of ip link on the hypervisor? What command line is used to start the qemu process?
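
The check described in the post above, written out as an added example (not code from the thread or from libvirt): it walks an `iptables-save` ruleset for the first packet of a guest connection and reports which rule or policy decides it in filter FORWARD and in nat POSTROUTING. Assumptions: `SAMPLE` is constructed and abbreviated from the posted dump, `LIBVIRT_RULES` is a guess at the shape of rules libvirt's iptables backend adds for a NAT network, 192.0.2.10 is a placeholder destination, and the matcher understands only `-i`, `-o`, `-s` and `-d`.

```python
import ipaddress
# Constructed, abbreviated iptables-save text modelled on the thread's dump (empty LIBVIRT_* chains).
SAMPLE = """\
*nat
:POSTROUTING ACCEPT [0:0]
:LIBVIRT_PRT - [0:0]
[0:0] -A POSTROUTING -j LIBVIRT_PRT
[0:0] -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
*filter
:FORWARD DROP [0:0]
:LIBVIRT_FWO - [0:0]
[0:0] -A FORWARD -j LIBVIRT_FWO
[0:0] -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
"""
# Assumption (constructed): rules of the shape libvirt's iptables backend adds for a NAT network.
LIBVIRT_RULES = """\
*nat
-A LIBVIRT_PRT -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
*filter
-A LIBVIRT_FWO -s 192.168.122.0/24 -i virbr0 -j ACCEPT
"""
# First packet from the guest, keyed by the option that tests each field; -d is a placeholder.
PKT = {"-i": "virbr0", "-o": "enp0s31f6", "-s": "192.168.122.51", "-d": "192.0.2.10"}

def parse(text):
    """Return {table: {"policy": {chain: policy}, "rules": {chain: [tokens]}}}."""
    tables, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):  # "[pkts:bytes]" prefix written by iptables-save -c
            line = line.split("]", 1)[1].strip()
        if line.startswith("*"):
            cur = tables.setdefault(line[1:], {"policy": {}, "rules": {}})
        elif line.startswith(":") and cur is not None:
            chain, policy = line[1:].split()[:2]
            cur["policy"][chain] = policy
            cur["rules"].setdefault(chain, [])
        elif line.startswith("-A ") and cur is not None:
            tok = line.split()
            cur["rules"].setdefault(tok[1], []).append(tok[2:])
    return tables

def matches(tok, pkt):
    """Evaluate -i/-o/-s/-d (with '!'); any other match option counts as a miss."""
    i, neg = 0, False
    while i < len(tok) and tok[i] != "-j":
        if tok[i] == "!":  # negation applies to the option that follows
            neg, i = True, i + 1
        opt = tok[i]
        if opt in ("-i", "-o"):
            ok = tok[i + 1] == pkt[opt]
        elif opt in ("-s", "-d"):
            ok = ipaddress.ip_address(pkt[opt]) in ipaddress.ip_network(tok[i + 1], strict=False)
        else:
            return False  # e.g. conntrack RELATED,ESTABLISHED on a new connection
        if ok == neg:
            return False
        neg, i = False, i + 2
    return True

def verdict(tables, table, chain, pkt, depth=0):
    """First matching terminal target wins; a built-in chain falls back to its policy."""
    t = tables[table]
    for tok in t["rules"].get(chain, []):
        if "-j" not in tok or not matches(tok, pkt):
            continue
        target = tok[tok.index("-j") + 1]
        if target == "RETURN":
            break
        if target in ("ACCEPT", "DROP", "REJECT", "MASQUERADE"):
            return target, chain
        if target in t["rules"] and depth < 16:  # jump into a user-defined chain
            found = verdict(tables, table, target, pkt, depth + 1)
            if found:
                return found
    return (t["policy"].get(chain, "ACCEPT"), chain + " policy") if depth == 0 else None

def audit(text, pkt=PKT):
    t = parse(text)
    return verdict(t, "filter", "FORWARD", pkt), verdict(t, "nat", "POSTROUTING", pkt)
```

On the constructed sample the guest's packet falls through to the FORWARD policy and leaves POSTROUTING without being masqueraded; with the assumed libvirt rules appended it is accepted in LIBVIRT_FWO and masqueraded in LIBVIRT_PRT.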

zen_desu
Apprentice
Joined: 25 Oct 2024
Posts: 248

Posted: Thu Apr 03, 2025 1:04 am

/etc/docker/daemon.json

Code:

{
    "iptables": false,
    "ip6tables": false
}


This should prevent docker from breaking routers. Don't ask me how long it took me to realize this was the fix.
_________________
µgRD dev
Wiki writer

lyallp
Veteran
Joined: 15 Jul 2004
Posts: 1619
Location: Adelaide/Australia

Posted: Thu Apr 03, 2025 1:07 am

I had no
Code:
/etc/docker/daemon.json
- I have created it and
Code:
rc-service docker restart
- to no obvious effect - I do not actually have anything running in my docker instance at this time

I use virt-manager to control my QEMU VMs
Code:
Installed versions:  5.0.0-r1(04:30:14 28/03/25)(gui policykit -sasl -verify-sig PYTHON_SINGLE_TARGET="python3_12 -python3_10 -python3_11 -python3_13")


I tried creating a new VM from scratch, yesterday. Accepting the defaults (which is NAT), and installed Win10 from an ISO.
No network.

I do have fail2ban running on my system, but have had for quite some time, and the virtual guests used to work with that too.

Quote:
How do packets from your guest appear on the hypervisor?

Now I am showing my ignorance here, I am unsure of what you are asking.


In the XML settings (which can be seen by opening the guest from the virt-manager window and viewing 'details')

The guest has Virtual network 'default' : NAT
Device model e1000e
Mac address automatically generated
IP Address: unknown
Link state of Active

Before I start the Win10 Guest
Code:
# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 1a:3c:7b:8d:77:da brd ff:ff:ff:ff:ff:ff
3: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 70:4d:7b:67:83:60 brd ff:ff:ff:ff:ff:ff
4: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ipip 0.0.0.0 brd 0.0.0.0
5: ip_vti0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ipip 0.0.0.0 brd 0.0.0.0
6: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/sit 0.0.0.0 brd 0.0.0.0
8: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc htb state DOWN mode DEFAULT group default qlen 1000
    link/ether 52:54:00:a8:44:e7 brd ff:ff:ff:ff:ff:ff
Lyalls-PC ~
#


After I started the Guest

I see the following in my 'syslog' when I start my newly created Win10 guest.
Code:

Apr  3 11:31:52 lyalls-pc kernel: virbr0: port 1(vnet5) entered blocking state
Apr  3 11:31:52 lyalls-pc kernel: virbr0: port 1(vnet5) entered disabled state
Apr  3 11:31:52 lyalls-pc kernel: vnet5: entered allmulticast mode
Apr  3 11:31:52 lyalls-pc kernel: vnet5: entered promiscuous mode
Apr  3 11:31:52 lyalls-pc kernel: virbr0: port 1(vnet5) entered blocking state
Apr  3 11:31:52 lyalls-pc kernel: virbr0: port 1(vnet5) entered listening state
Apr  3 11:31:54 lyalls-pc kernel: virbr0: port 1(vnet5) entered learning state
Apr  3 11:31:56 lyalls-pc kernel: virbr0: port 1(vnet5) entered forwarding state
Apr  3 11:31:56 lyalls-pc kernel: virbr0: topology change detected, propagating
Apr  3 11:31:59 lyalls-pc ntpd[3580]: Listen normally on 14 virbr0 192.168.122.1:123
Apr  3 11:31:59 lyalls-pc ntpd[3580]: Listen normally on 15 vnet5 [fe80::fc54:ff:fe8f:8612%14]:123


Code:
Lyalls-PC ~
# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 1a:3c:7b:8d:77:da brd ff:ff:ff:ff:ff:ff
3: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 70:4d:7b:67:83:60 brd ff:ff:ff:ff:ff:ff
4: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ipip 0.0.0.0 brd 0.0.0.0
5: ip_vti0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ipip 0.0.0.0 brd 0.0.0.0
6: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/sit 0.0.0.0 brd 0.0.0.0
8: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc htb state UP mode DEFAULT group default qlen 1000
    link/ether 52:54:00:a8:44:e7 brd ff:ff:ff:ff:ff:ff
14: vnet5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master virbr0 state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether fe:54:00:8f:86:12 brd ff:ff:ff:ff:ff:ff
Lyalls-PC ~
#

_________________
...Lyall

Hu
Administrator
Joined: 06 Mar 2007
Posts: 23356

Posted: Thu Apr 03, 2025 2:14 pm

I was expecting / hoping you were using the same setup I use, where a virtual Ethernet pair (CONFIG_VETH) provides one network card to the host, and another to the hypervisor. You are not. I see nothing obviously wrong in what you have given me, but since I don't use that setup, I could be missing something. I will need to take more time to analyze what you have. Perhaps someone else will spot something in the interim.

lyallp
Veteran
Joined: 15 Jul 2004
Posts: 1619
Location: Adelaide/Australia

Posted: Thu Apr 03, 2025 2:22 pm

Your attempted assistance is greatly appreciated.
_________________
...Lyall

zen_desu
Apprentice
Joined: 25 Oct 2024
Posts: 248

Posted: Thu Apr 03, 2025 6:40 pm

zen_desu wrote:
/etc/docker/daemon.json

Code:

{
    "iptables": false,
    "ip6tables": false
}


This should prevent docker from breaking routers. Don't ask me how long it took me to realize this was the fix.


With this, I believe you may have to manually clear your iptables and ip6tables rules for this change to take effect. The end result should ultimately be that forwarded traffic is not dropped by default.
_________________
µgRD dev
Wiki writer

lyallp
Veteran
Joined: 15 Jul 2004
Posts: 1619
Location: Adelaide/Australia

Posted: Thu Apr 03, 2025 10:44 pm

I did an iptables -F and an ip6tables -F
I subsequently restarted fail2ban (which I have running), so it could reload its blockages.
No change, VM guest (windows 10, fresh install) still has no internet access.
This is quite frustrating, as I am sure you agree...
_________________
...Lyall

zen_desu
Apprentice
Joined: 25 Oct 2024
Posts: 248

Posted: Fri Apr 04, 2025 2:23 am

Yes, you seem to have checked everything I can think of. I'm interested to see how you end up fixing it.
_________________
µgRD dev
Wiki writer

All times are GMT